IP address reputation search. See if a public Internet Protocol (IP) version 4 address is listed in a bad-reputation or a "special-category" list.
IP addresses listed in bad-reputation lists may have been used to propagate malware, send spam, or carry out social engineering attacks. If an IP address is characterized as malicious for computer systems and Internet users, it does not necessarily mean that the people using this IP address are bad apples. The systems using the listed IP address may have been compromised, or there may be a security gap that bad actors are exploiting to send malicious IP traffic.
Also, even though it is not likely, the listing may be a false positive or the result of a malicious actor's manipulation of the signals that the reputation lists are processing.
Most IP addresses listed in !bl-ip and !bl are not malicious at all and they should not be blocked. For example, a Spamhaus PBL listing simply means that the IP address is being used by a regular user in an eyeball network and it is highly unlikely that a legitimate email transfer system is there. Firewalling the PBL list on your web servers means blocking many legitimate human users. Also, firewalling IP addresses used as tor-exits means that you are blocking potentially suppressed legitimate human users trying to circumvent an information-restriction policy. In general, !bl produces information signals and some intelligence, and definitely not ready-to-use block-lists.
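The distinction above, sketched as an added example (not IPduh's code or output): a DNSBL answer is first mapped to a list name and then turned into an action that depends on the service asking. The return codes are the publicly documented Spamhaus ZEN codes; the "TOR-EXIT" label, the service names and the action names are assumptions made for this example.

```python
import ipaddress

# Publicly documented Spamhaus ZEN return codes -> list name.
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "CSS", "127.0.0.4": "XBL",
    "127.0.0.9": "DROP", "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}
# Lists that describe how an address is used rather than observed abuse.
# "TOR-EXIT" is a hypothetical label for a special-category listing.
POLICY_LISTS = {"PBL", "TOR-EXIT"}


def dnsbl_qname(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name (reversed octets + zone); public IPv4 only."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4 or not addr.is_global:
        raise ValueError(f"{ip} is not a public IPv4 address")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def labels_from_answers(answers):
    """Map A-record answers to list names. 127.255.255.x answers are
    Spamhaus error codes (for example a refused query), never a listing."""
    labels, errors = set(), []
    for answer in answers:
        if answer.startswith("127.255.255."):
            errors.append(answer)
        elif answer in ZEN_CODES:
            labels.add(ZEN_CODES[answer])
    return labels, errors


def triage(labels, service):
    """Turn listings into an action for 'smtp-inbound' or 'web' (example policy)."""
    if labels - POLICY_LISTS:
        return "investigate"         # a signal for an analyst, not an auto-block
    if "PBL" in labels and service == "smtp-inbound":
        return "reject-direct-mail"  # end-user range: no legitimate MTA expected
    return "allow"                   # PBL or tor-exit alone: do not firewall


if __name__ == "__main__":
    # Constructed answers, not real lookup results for any address.
    for answers in (["127.0.0.10"], ["127.0.0.4", "127.0.0.11"], ["127.255.255.254"]):
        labels, errors = labels_from_answers(answers)
        print(answers, sorted(labels), errors,
              triage(labels, "web"), triage(labels, "smtp-inbound"))
```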
If your IP address was characterized as "malicious" by a reputation list, you should investigate your systems. If you are running a mail server on a listed IP address and you have problems delivering email, you should go through the process of removing the IP address from the list. Otherwise, going through the removal process is not that important. Just clean up your systems and your IP address will eventually be unlisted.
If your IP address is listed by the IPduh ip-rep list, just wait for 24 hours and the listing will expire. IPduh lists forget listing-signature pairs that they have seen before and are set in such a way that it is highly unlikely they will see them again. Also, IPduh processes a tiny amount of signals in comparison with the other reputation lists, and it is not used by anyone other than IPduh. The IPduh ip-rep answers provided here are just one more information tip that may be useful to threat hunters and system administrators investigating security incidents or debugging issues.
The following examples are chosen at random from IP addresses that have been listed in major bad-reputation lists in the past. They do not imply anything about the system administrators attending the systems that use the IP addresses or the network administrators managing the IP space.
Examples:
!bl 164.90.236.193
!bl 70.39.90.183
!bl 85.244.215.221
!bl 195.211.191.76
!bl 106.14.135.217
!bl 36.255.236.12
!bl 2.57.232.45
!bl 107.170.17.43
Also see:
!help !bl
!bl-dns-slow